Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

File and printer sharing - which ports most dangerous?

Posted on 2008-10-07
15
Medium Priority
?
748 Views
Last Modified: 2012-05-05
File and prnter sharing under XP-pro covers 4 ports:
tcp 139
tcp 445
udp 137
udp 138

I already have tcp 445 open for a certain reason.  But now I need to open at least 1 other so that my Norman antivirus "Ndesk.exe" program on my server can function properly.
Norman support told me to open 1 of the other 3.  But they could not tell me which  2 of these 3 ports it would be best to keep closed for security reasons.

Which 2 should I keep closed??
0
Comment
Question by:Alistair7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
15 Comments
 
LVL 2

Expert Comment

by:DavidESL
ID: 22658860
I wouldn't open UDP 137 it's susceptible to DOS attacks will take out your WINS service if that service is running on the same machine

also look at this

http://www.iss.net/security_center/advice/Exploits/Ports/139/default.htm
0
 
LVL 2

Expert Comment

by:DavidESL
ID: 22658901
Sorry I forgot to ask, are you talking about opening theses ports to the internet?
0
 

Author Comment

by:Alistair7
ID: 22658931
I don't think I have a WINS service running.  But how can I confirm that?
If it is not running, could I then activate udp 137?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:Alistair7
ID: 22658957
Under advanced TCP/ip properties, under the WINS tab, I see:
An empty window under WINS addresses in order of preference.
Further down "aktivate LMHosts" is ticked.
NIETBIOS properties is set to "Standard"
0
 

Author Comment

by:Alistair7
ID: 22659037
Only my internal network. Not open to the internet.
0
 
LVL 2

Expert Comment

by:DavidESL
ID: 22659097
Sorry I re-read your original question this is justa desktop PC right? I doubt you have WINS running
however UDP 137 is a port that is probed a lot by potentially malicious individuals on the internet
0
 
LVL 2

Expert Comment

by:DavidESL
ID: 22659125
if it's not open to the internet then I don't see any issues with opening ports internally as long as you are sufficiently protected  from external sources by a firewall.
0
 

Author Comment

by:Alistair7
ID: 22659183
But there is also the danger of internal attack also.  So again, which would you recommend keeping closed out of tcp139 and udp137 ?
0
 
LVL 2

Accepted Solution

by:
DavidESL earned 2000 total points
ID: 22659271
ah OK the problem with this then is if you have shared resources on your computer that are accessed by other machines on your LAN then closing 139 on that  particular machine wil block the use of the shared resources. 139 is a dangerous port to have open if you are not confident that it wont be used maliciously by other users on the same network. if you are not sharing anything on that machine then definately close TCP 139
0
 
LVL 2

Expert Comment

by:DavidESL
ID: 22659331
alternatively use windows firewall to control what machines have access to that those ports and block all other IP addresses.
0
 

Author Comment

by:Alistair7
ID: 22659332
Thanks very much David.  Bye.
0
 
LVL 2

Expert Comment

by:DavidESL
ID: 22659350
is that what you where looking for ?
0
 

Author Comment

by:Alistair7
ID: 22659432
Yes it was, except for 1 other question which occured to me:

UDP ports broadcast over the entire LAN and TCP ports send packets to specific ip addresses.

So forcing 40 computers on a LAN to use udp instead of tcp might create some flooding or overload of the LAN.

Any brief comments?
0
 
LVL 2

Expert Comment

by:DavidESL
ID: 22659529
what are your concerns over an internal attack?
you are correct that opening UDP 137 can cause flooding see here.

http://www.experts-exchange.com/Networking/Windows_Networking/Internet_Protocols/Net_BIOS_and_NetBEUI/Q_22849757.html



0
 

Author Comment

by:Alistair7
ID: 22659589
Thanks a lot for those comments.  You've given me a lot to think about.
I won't take anymore of your time.

Thanks again.  Bye
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question